Lincoln Medical and Mental Health Center in Bronx, N.Y., recently notified 130,495 patients of a breach of their protected health information after seven CDs that a business associate shipped via FedEx were lost. In a statement to Health Data Management, the hospital, part of NYC Health and Hospitals Corp., explains why the data was not encrypted and why free identity and credit protection services were not offered to affected patients:

"Under the HIPAA security regulations, encryption is not a legal requirement but a suggested 'addressable' method of safeguarding electronic protected health information. Nevertheless, the Siemens CDs had been safeguarded using password protection. Moreover, in the very unlikely event that an unauthorized user managed to crack or bypass the password, that individual would need to know how to access and utilize Siemens' proprietary software in order to view the information.
